Skip to content

Bump the npm_and_yarn group across 2 directories with 8 updates#113

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-907029d866
Open

Bump the npm_and_yarn group across 2 directories with 8 updates#113
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-907029d866

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 19, 2026

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package From To
@sveltejs/kit 2.22.5 2.52.2
vite 5.4.19 5.4.21
esbuild 0.21.5 0.27.3
playwright 1.45.2 1.58.2
tar 7.4.0 7.5.9

Bumps the npm_and_yarn group with 2 updates in the /tiles directory: esbuild and wrangler.

Updates @sveltejs/kit from 2.22.5 to 2.52.2

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.52.2

Patch Changes

  • fix: validate form file information to prevent amplification attacks (3e607b3)

  • chore: upgrade devalue and svelte (#15339)

  • fix: parse file offset table more strictly (f47c01b)

@​sveltejs/kit@​2.52.0

Minor Changes

  • feat: match function to map a path back to a route id and params (#14997)

Patch Changes

  • fix: respect scroll-margin when navigating to a url-supplied anchor (#15246)

  • fix: resolve will narrow types to follow trailing slash page settings (#15027)

@​sveltejs/kit@​2.51.0

Minor Changes

  • feat: add scroll property to NavigationTarget in navigation callbacks (#15248)

    Navigation callbacks (beforeNavigate, onNavigate, and afterNavigate) now include scroll position information via the scroll property on from and to targets:

    • from.scroll: The scroll position at the moment navigation was triggered
    • to.scroll: In beforeNavigate and onNavigate, this is populated for popstate navigations (back/forward) with the scroll position that will be restored, and null for other navigation types. In afterNavigate, this is always the final scroll position after navigation completed.

    This enables use cases like animating transitions based on the target scroll position when using browser back/forward navigation.

  • feat: hydratable's injected script now works with CSP (#15048)

Patch Changes

  • fix: put preloads before styles (#15232)

  • fix: suppress false-positive inner content warning when children prop is forwarded to a child component (#15269)

  • fix: fetch not working when URL is same host but different than paths.base (#15291)

  • fix: navigate to hash link when base element is present (#15236)

... (truncated)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.52.2

Patch Changes

  • fix: validate form file information to prevent amplification attacks (3e607b3)

  • chore: upgrade devalue and svelte (#15339)

  • fix: parse file offset table more strictly (f47c01b)

2.52.1

Patch Changes

  • fix: clear stale preflight issues on subsequent valid form submissions (#15281)

  • chore: remove dependency on sade (#15272)

  • fix: include .txt files in precompression (#15259)

  • fix: escape backticks and dollar signs when creating inlined css (#15320)

  • fix: increment form.pending count before preflight validation (#15279)

2.52.0

Minor Changes

  • feat: match function to map a path back to a route id and params (#14997)

Patch Changes

  • fix: respect scroll-margin when navigating to a url-supplied anchor (#15246)

  • fix: resolve will narrow types to follow trailing slash page settings (#15027)

2.51.0

Minor Changes

  • feat: add scroll property to NavigationTarget in navigation callbacks (#15248)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​sveltejs/kit since your current version.


Updates vite from 5.4.19 to 5.4.21

Release notes

Sourced from vite's releases.

v5.4.21

Please refer to CHANGELOG.md for details.

v5.4.20

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

5.4.21 (2025-10-20)

5.4.20 (2025-09-08)

Commits

Updates devalue from 5.1.1 to 5.6.3

Release notes

Sourced from devalue's releases.

v5.6.3

Patch Changes

  • 0f04d4d: fix: Properly handle __proto__
  • 819f1ac: fix: better encoding for sparse arrays

v5.6.2

Patch Changes

  • 1175584: fix: validate input for ArrayBuffer parsing
  • e46afa6: fix: validate input for typed arrays
  • 1175584: fix: more helpful errors for inputs causing stack overflows

v5.6.1

Patch Changes

  • 2161d44: fix: add hasOwn check before calling reviver

v5.6.0

Minor Changes

  • a3d09d4: feat: expose DevalueError for instanceof checks in catch clauses
  • a3d09d4: feat: add value and root properties in DevalueError instances

v5.5.0

Minor Changes

  • 828fa1c: Enable support for custom reducer/reviver for "function" values

v5.4.2

Patch Changes

  • 5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers

v5.4.1

Patch Changes

  • ca3c7b6: chore: Remove impossible void type from replacer's uneval

v5.4.0

Minor Changes

  • 9306d09: feat: pass uneval to replacer, for handling nested custom types

Patch Changes

  • b617c7c: perf: shrink uneval output with null-proto objects

v5.3.2

Patch Changes

... (truncated)

Changelog

Sourced from devalue's changelog.

5.6.3

Patch Changes

  • 0f04d4d: fix: Properly handle __proto__
  • 819f1ac: fix: better encoding for sparse arrays

5.6.2

Patch Changes

  • 1175584: fix: validate input for ArrayBuffer parsing
  • e46afa6: fix: validate input for typed arrays
  • 1175584: fix: more helpful errors for inputs causing stack overflows

5.6.1

Patch Changes

  • 2161d44: fix: add hasOwn check before calling reviver

5.6.0

Minor Changes

  • a3d09d4: feat: expose DevalueError for instanceof checks in catch clauses
  • a3d09d4: feat: add value and root properties in DevalueError instances

5.5.0

Minor Changes

  • 828fa1c: Enable support for custom reducer/reviver for "function" values

5.4.2

Patch Changes

  • 5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers

5.4.1

Patch Changes

  • ca3c7b6: chore: Remove impossible void type from replacer's uneval

5.4.0

Minor Changes

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for devalue since your current version.


Updates esbuild from 0.21.5 to 0.27.3

Release notes

Sourced from esbuild's releases.

v0.27.3

  • Preserve URL fragments in data URLs (#4370)

    Consider the following HTML, CSS, and SVG:

    • index.html:

      <!DOCTYPE html>
      <html>
        <head><link rel="stylesheet" href="icons.css"></head>
        <body><div class="triangle"></div></body>
      </html>
    • icons.css:

      .triangle {
        width: 10px;
        height: 10px;
        background: currentColor;
        clip-path: url(./triangle.svg#x);
      }
    • triangle.svg:

      <svg xmlns="http://www.w3.org/2000/svg">
        <defs>
          <clipPath id="x">
            <path d="M0 0H10V10Z"/>
          </clipPath>
        </defs>
      </svg>

    The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

    /* icons.css */
    .triangle {
      width: 10px;
      height: 10px;
      background: currentColor;
      clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
    }

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2024

This changelog documents all esbuild versions published in the year 2024 (versions 0.19.12 through 0.24.2).

0.24.2

  • Fix regression with --define and import.meta (#4010, #4012, #4013)

    The previous change in version 0.24.1 to use a more expression-like parser for define values to allow quoted property names introduced a regression that removed the ability to use --define:import.meta=.... Even though import is normally a keyword that can't be used as an identifier, ES modules special-case the import.meta expression to behave like an identifier anyway. This change fixes the regression.

    This fix was contributed by @​sapphi-red.

0.24.1

  • Allow es2024 as a target in tsconfig.json (#4004)

    TypeScript recently added es2024 as a compilation target, so esbuild now supports this in the target field of tsconfig.json files, such as in the following configuration file:

    {
      "compilerOptions": {
        "target": "ES2024"
      }
    }

    As a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in the documentation.

    This fix was contributed by @​billyjanitsch.

  • Allow automatic semicolon insertion after get/set

    This change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:

    class Foo {
      get
      *x() {}
      set
      *y() {}
    }

    The above code will be considered valid starting with this release. This change to esbuild follows a similar change to TypeScript which will allow this syntax starting with TypeScript 5.7.

  • Allow quoted property names in --define and --pure (#4008)

    The define and pure API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes --define and --pure consistent with --global-name, which already supported quoted property names. For example, the following is now possible:

... (truncated)

Commits
  • 9129e00 publish 0.27.3 to npm
  • e20e411 small fix to release notes
  • 0dc0f2d fix #4322: parse and print CSS @scope rules
  • 55fe391 update firefox css gradient support
  • 2c35297 update gradient lowering transform
  • 9209e44 Update Go to 1.25.7 (#4388)
  • e8d861b close #4374: compat table for the using feature
  • 19b8887 no longer need williamkapke/node-compat-table
  • 7e44218 the kangax/compat-table repo moved to a new url
  • 23b9338 run make update-compat-table
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for esbuild since your current version.


Updates playwright from 1.45.2 to 1.58.2

Release notes

Sourced from playwright's releases.

v1.58.2

Highlights

#39121 fix(trace viewer): make paths via stdin work #39129 fix: do not force swiftshader on chromium mac

Browser Versions

  • Chromium 145.0.7632.6
  • Mozilla Firefox 146.0.1
  • WebKit 26.0

v1.58.1

Highlights

#39036 fix(msedge): fix local network permissions #39037 chore: update cft download location #38995 chore(webkit): disable frame sessions on fronzen builds

Browser Versions

  • Chromium 145.0.7632.6
  • Mozilla Firefox 146.0.1
  • WebKit 26.0

v1.58.0

📣 Playwright CLI+SKILLs 📣

We are adding a new token-efficient CLI mode of operation to Playwright with the skills located at playwright-cli. This brings the long-awaited official SKILL-focused CLI mode to our story and makes it more coding agent-friendly.

It is the first snapshot with the essential command set (which is already larger than the original MCP!), but we expect it to grow rapidly. Unlike the token use, that one we expect to go down since snapshots are no longer forced into the LLM!

Timeline

If you're using merged reports, the HTML report Speedboard tab now shows the Timeline:

Timeline chart in the HTML report

UI Mode and Trace Viewer Improvements

  • New 'system' theme option follows your OS dark/light mode preference
  • Search functionality (Cmd/Ctrl+F) is now available in code editors
  • Network details panel has been reorganized for better usability
  • JSON responses are now automatically formatted for readability

Thanks to @​cpAdm for contributing these improvements!

Miscellaneous

browserType.connectOverCDP() now accepts an isLocal option. When set to true, it tells Playwright that it runs on the same host as the CDP server, enabling file system optimizations.

Breaking Changes ⚠️

  • Removed _react and _vue selectors. See locators guide for alternatives.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for playwright since your current version.


Updates tar from 7.4.0 to 7.5.9

Changelog

Sourced from tar's changelog.

Changelog

7.5

  • Added zstd compression support.
  • Consistent TOCTOU behavior in sync t.list
  • Only read from ustar block if not specified in Pax
  • Fix sync tar.list when file size reduces while reading
  • Sanitize absolute linkpaths properly
  • Prevent writing hardlink entries to the archive ahead of their file target

7.4

  • Deprecate onentry in favor of onReadEntry for clarity.

7.3

  • Add onWriteEntry option

7.2

  • DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

  • Update minipass to v7.1.0
  • Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

  • Drop support for node <18
  • Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
  • Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
  • Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
  • Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates esbuild from 0.17.19 to 0.27.3

Release notes

Sourced from esbuild's releases.

v0.27.3

  • Preserve URL fragments in data URLs (#4370)

    Consider the following HTML, CSS, and SVG:

    • index.html:

      <!DOCTYPE html>
      <html>
        <head><link rel="stylesheet" href="icons.css"></head>
        <body><div class="triangle"></div></body>
      </html>
    • icons.css:

      .triangle {
        width: 10px;
        height: 10px;
        background: currentColor;
        clip-path: url(./triangle.svg#x);
      }
    • triangle.svg:

      <svg xmlns="http://www.w3.org/2000/svg">
        <defs>
          <clipPath id="x">
            <path d="M0 0H10V10Z"/>
          </clipPath>
        </defs>
      </svg>

    The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

    /* icons.css */
    .triangle {
      width: 10px;
      height: 10px;
      background: currentColor;
      clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
    }

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2024

This changelog documents all esbuild versions published in the year 2024 (versions 0.19.12 through 0.24.2).

0.24.2

  • Fix regression with --define and import.meta (#4010, #4012, #4013)

    The previous change in version 0.24.1 to use a more expression-like parser for define values to allow quoted property names introduced a regression that removed the ability to use --define:import.meta=.... Even though import is normally a keyword that can't be used as an identifier, ES modules special-case the import.meta expression to behave like an identifier anyway. This change fixes the regression.

    This fix was contributed by @​sapphi-red.

0.24.1

  • Allow es2024 as a target in tsconfig.json (#4004)

    TypeScript recently added es2024 as a compilation target, so esbuild now supports this in the target field of tsconfig.json files, such as in the following configuration file:

    {
      "compilerOptions": {
        "target": "ES2024"
      }
    }

    As a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in the documentation.

    This fix was contributed by @​billyjanitsch.

  • Allow automatic semicolon insertion after get/set

    This change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:

    class Foo {
      get
      *x() {}
      set
      *y() {}
    }

    The above code will be considered valid starting with this release. This change to esbuild follows a similar change to TypeScript which will allow this syntax starting with TypeScript 5.7.

  • Allow quoted property names in --define and --pure (#4008)

    The define and pure API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes --define and --pure consistent with --global-name, which already supported quoted property names. For example, the following is now possible:

... (truncated)

Commits
  • 9129e00 publish 0.27.3 to npm
  • e20e411 small fix to release notes
  • 0dc0f2d fix #4322: parse and print CSS @scope rules
  • 55fe391 update firefox css gradient support
  • 2c35297 update gradient lowering transform
  • 9209e44 Update Go to 1.25.7 (#4388)
  • e8d861b close #4374: compat table for the using feature
  • 19b8887 no longer need williamkapke/node-compat-table
  • 7e44218 the kangax/compat-table repo moved to a new url
  • 23b9338 run make update-compat-table
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for esbuild since your current version.


Updates wrangler from 3.73.0 to 4.67.0

Release notes

Sourced from wrangler's releases.

wrangler@4.67.0

Minor Changes

  • #12401 8723684 Thanks @​jonesphillip! - Add validation retry loops to pipelines setup command

    The wrangler pipelines setup command now prompts users to retry when validation errors occur, instead of failing the entire setup process. This includes:

    • Validation retry prompts for pipeline names, bucket names, and field names
    • A "simple" mode for sink configuration that uses sensible defaults
    • Automatic bucket creation when buckets don't exist
    • Automatic Data Catalog enablement when not already active

    This improves the setup experience by allowing users to correct mistakes without restarting the entire configuration flow.

  • #12395 aa82c2b Thanks @​cmackenzie1! - Generate typed pipeline bindings from stream schemas

    When running wrangler types, pipeline bindings now generate TypeScript types based on the stream's schema definition. This gives you full autocomplete and type checking when sending data to your pipelines.

    // wrangler.json
    {
    	"pipelines": [
    		{ "binding": "ANALYTICS", "pipeline": "analytics-stream-id" },
    	],
    }

    If your stream has a schema with fields like user_id (string) and event_count (int32), the generated types will be:

    declare namespace Cloudflare {
    	type AnalyticsStreamRecord = { user_id: string; event_count: number };
    	interface Env {
    		ANALYTICS: Pipeline<Cloudflare.AnalyticsStreamRecord>;
    	}
    }

    For unstructured streams or when not authenticated, bindings fall back to the generic Pipeline<PipelineRecord> type.

Patch Changes

  • #12592 aaa7200 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260217.0 1.20260218.0

... (truncated)

Commits
  • 88705ad Version Packages (#12580)
  • ca58062 [wrangler] Stop redacting account names in non-interactive mode (#12598)
  • e2a6600 fix: pass --env flag to auxiliary workers in multi-worker mode (#12604)
  • 2f19a40 chore(deps): bump the workerd-and-workers-types group with 2 updates (#12606)
  • 8723684 Improve pipelines setup command with validation retry loops (#12401)
  • 0b17117 improve: bump up maximum allowed value for Queue delivery and retry delay to ...
  • aa82c2b Generate typed pipeline bindings from stream schemas (#12395)
  • b7841db Migrate tests from unstable_dev() to unstable_startWorker() (#12053)
  • 5f9f0b4 feat(unenv-preset): add support for native node:readline module (#11734)
  • aaa7200 chore(deps): bump the workerd-and-workers-types group with 2 updates (#12592)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for wrangler since your current version.


Updates wrangler from 3.73.0 to 4.67.0

Release notes

Sourced from wrangler's releases.

wrangler@4.67.0

Minor Changes

  • #12401 8723684 Thanks @​jonesphillip! - Add validation retry loops to pipelines setup command

    The wrangler pipelines setup command now prompts users to retry when validation errors occur, instead of failing the entire setup process. This includes:

    • Validation retry prompts for pipeline names, bucket names, and field names
    • A "simple" mode for sink configuration that uses sensible defaults
    • Automatic bucket creation when buckets don't exist
    • Automatic Data Catalog enablement when not already active

    This improves the setup experience by allowing users to correct mistakes without restarting the entire configuration flow.

  • #12395 aa82c2b Thanks @​cmackenzie1! - Generate typed pipeline bindings from stream schemas

    When running wrangler types, pipeline bindings now generate TypeScript types based on the stream's schema definition. This gives you full autocomplete and type checking when sending data to your pipelines.

    // wrangler.json
    {
    	"pipelines": [
    		{ "binding": "ANALYTICS", "pipeline": "analytics-stream-id" },
    	],
    }

    If your stream has a schema with fields like user_id (string) and event_count (int32), the generated types will be:

    declare namespace Cloudflare {
    	type AnalyticsStreamRecord = { user_id: string; event_count: number };
    	interface Env {
    		ANALYTICS: Pipeline<Cloudflare.AnalyticsStreamRecord>;
    	}
    }

    For unstructured streams or when not authenticated, bindings fall back to the generic Pipeline<PipelineRecord> type.

Patch Changes

  • #12592 aaa7200 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260217.0 1.20260218.0

... (truncated)

Commits
  • 88705ad Version Packages (#12580)
  • ca58062 [wrangler] Stop redacting account names in non-interactive mode (#12598)
  • e2a6600 fix: pass --env flag to auxiliary workers in multi-worker mode (#12604)
  • 2f19a40 chore(deps): bump the workerd-and-workers-types group with 2 updates (#12606)
  • 8723684 Improve pipelines setup command with validation retry loops (#12401)
  • 0b17117 improve: bump up maximum allowed value for Queue delivery and retry delay to ...
  • aa82c2b Generate typed pipeline bindings from stream schemas (#12395)
  • b7841db Migrate tests from unstable_dev() to unstable_startWorker() (#12053)
  • 5f9f0b4 feat(unenv-preset): add support for native node:readline module (#11734)
  • aaa7200 chore(deps): bump the workerd-and-workers-types group with 2 updates (#12592)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for wrangler since your current version.


Updates undici from 5.28.4 to 7.18.2

Release notes

Sourced from undici's releases.

v7.18.2

⚠️ Security Release

This fixes GHSA-g9mf-h72j-4rw9 and CVE-2026-22036.

What's Changed

Full Changelog: nodejs/undici@v7.18.1...v7.18.2

v7.18.1

What's Changed

Full Changelog: nodejs/undici@v7.18.0...v7.18.1

v7.18.0

What's Changed

Full Changelog: nodejs/undici@v7.17.0...v7.18.0

v7.17.0

What's Changed

...

Description has been truncated

Bumps the npm_and_yarn group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) | `2.22.5` | `2.52.2` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.19` | `5.4.21` |
| [esbuild](https://github.com/evanw/esbuild) | `0.21.5` | `0.27.3` |
| [playwright](https://github.com/microsoft/playwright) | `1.45.2` | `1.58.2` |
| [tar](https://github.com/isaacs/node-tar) | `7.4.0` | `7.5.9` |

Bumps the npm_and_yarn group with 2 updates in the /tiles directory: [esbuild](https://github.com/evanw/esbuild) and [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler).


Updates `@sveltejs/kit` from 2.22.5 to 2.52.2
- [Release notes](https://github.com/sveltejs/kit/releases)
- [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.52.2/packages/kit)

Updates `vite` from 5.4.19 to 5.4.21
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v5.4.21/packages/vite)

Updates `devalue` from 5.1.1 to 5.6.3
- [Release notes](https://github.com/sveltejs/devalue/releases)
- [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md)
- [Commits](sveltejs/devalue@v5.1.1...v5.6.3)

Updates `esbuild` from 0.21.5 to 0.27.3
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md)
- [Commits](evanw/esbuild@v0.21.5...v0.27.3)

Updates `playwright` from 1.45.2 to 1.58.2
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.45.2...v1.58.2)

Updates `tar` from 7.4.0 to 7.5.9
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.4.0...v7.5.9)

Updates `esbuild` from 0.17.19 to 0.27.3
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md)
- [Commits](evanw/esbuild@v0.21.5...v0.27.3)

Updates `wrangler` from 3.73.0 to 4.67.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.67.0/packages/wrangler)

Updates `wrangler` from 3.73.0 to 4.67.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.67.0/packages/wrangler)

Updates `undici` from 5.28.4 to 7.18.2
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.28.4...v7.18.2)

---
updated-dependencies:
- dependency-name: "@sveltejs/kit"
  dependency-version: 2.52.2
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 5.4.21
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: devalue
  dependency-version: 5.6.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: esbuild
  dependency-version: 0.27.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: playwright
  dependency-version: 1.58.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-version: 7.5.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: esbuild
  dependency-version: 0.27.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: wrangler
  dependency-version: 4.67.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: wrangler
  dependency-version: 4.67.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 7.18.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 19, 2026
@netlify
Copy link

netlify bot commented Feb 19, 2026

Deploy Preview for qtmmirror failed.

Name Link
🔨 Latest commit 4756f19
🔍 Latest deploy log https://app.netlify.com/projects/qtmmirror/deploys/699719a437887b00081f43ec

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants